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WHAT IS CLAIMED IS: 

1. A computer system having an input/output 

processing unit for executing a file access, an access 
execution unit for requesting a file access to the 
input/output processing unit in response to a user 
instruction, and an access control unit for performing 
access control when the file access is executed, 
wherein: 

said access control unit comprises: 

a storage unit protected from the access 
execution unit; 

a file list stored in said storage unit and 
describing security levels of files; 

a user list stored in said storage unit and 
describing clearances of users; 

an access control processing unit for judging 
whether the file access is legal in accordance with 
said file list, said user list, an access type of the 
file access, information identifying a file, and 
information identifying a user; and 

an access monitor unit which: 

sends, when the input/output processing unit 
executes a file access, the access type, the 
information identifying the file, the information 
identifying the user to said access control processing 
unit; 

receives a validity judgement result of the 
file access from said access control processing unit; 



and 

if the file access is legal, makes the 
input/output processing unit execute the file access, 
whereas if the file access is illegal, inhibits the 
file access. 

2. A computer system with the access control 
unit according to claim 1, further comprising an 
exclusive control unit for protecting a storage area o 
said storage unit to be used by said access control 
processing unit from the access execution unit. 

3. A computer system with the access control 
unit according to claim 2, further comprising a user 
list setting/managing unit for setting and managing 
said user list. 

4. A computer system with the access control 
unit according to claim 3, wherein said user list 
setting/managing unit includes an authentication unit 
for authenticating a security administrator. 

5. A computer system with the access control 
unit according to claim 4, wherein the security 
administrator is different from a system administrator 
who manages the access execution unit. 

6. A computer system with the access control 
unit according to claim 1, further comprising a file 
list setting/managing unit for setting and managing 
said file list. 

7. A computer system with the access control 
unit according to claim 6, wherein said file list 



setting/managing unit includes an authentication unit 
for authenticating a security administrator. 

8. A computer system with the access control 
unit according to claim 7, wherein the security 
administrator is different from a system administrator 
who manages the access execution unit. 

9. A computer system with the access control 
unit according to claim 1, further comprising: 

an enciphering unit for enciphering a file if 
the file access for requesting to output a file to said 
storage unit is legal; and 

a deciphering unit for deciphering the 
enciphered file if the file access for requesting to 
input the enciphered file from said storage unit is 
legal . 

10. A computer system with the access control 
unit according to claim 9, wherein an exclusive control 
unit protects from the access execution unit a storage 
area in said storage unit storing at least one key 
information set to be used by said enciphering unit and 
said deciphering unit. 

11. A computer system with the access control 
unit according to claim 9, wherein said enciphering 
unit and said deciphering unit use a plurality set of 
different key information and at least one cipher 
method for each security level written in said file 
list. 

12. A computer system with the access control 



unit according to claim 1, further comprising an 
input/output monitor unit for monitoring that the 
input/output processing unit or said access monitor 
unit is not tampered or performs a predetermined 
operation, and instructing to inhibit an input/output 
of a file if the input/output processing unit or said 
access monitor unit is tampered or performs an 
operation different from the predetermined operation. 

13. A computer system with the access control 
unit according to claim 1, further comprising a file 
access log processing unit for storing and managing 
information on each file access sent to said access 
control processing unit. 

14. A computer system with the access control 
unit according to claim 1, wherein the access control 
unit is realized by a software module. 

15. A computer system with the access control 
unit according to claim 1, wherein the access control 
unit is realized by a hardware module. 

16. A computer system comprising: 

a storage unit for storing information 
necessary for various processes; 

a cipher function processing unit including 
deciphering processing unit or a digital signature 
generating unit; 

a key storage unit for storing key 
information to be used by said cipher function 
processing unit; 
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a cipher function request processing unit for 
requesting to execute a cipher function in response to 
a user instruction; 

a cipher function request monitor unit for 
monitoring a cipher function execution request from 
said cipher function request processing unit to said 
cipher function processing unit, sending the cipher 
function execution request to said cipher function 
processing unit, and receiving a process result from 
said cipher function processing unit; and 

an exclusive control unit for protecting from 
said cipher function request processing unit a storage 
area in said storage unit and said key storage unit to 
be used by said cipher function processing unit. 

17. A computer system according to claim 16, 
wherein said cipher function processing unit includes 
an authentication unit for authenticating a user. 

18. A computer system according to claim 16, 
wherein said cipher function processing unit is 
realized by a software module. 

19. A computer system according to claim 16, 
wherein said cipher function processing unit is 
realized by a hardware module. 



